Wednesday, June 18, 2014

DDoS with Pyresonance

I modified the Pyresonance IDS example to receive JSON events that block a flow or release it. The initial behaviour of the FSM is to allow all flows. The program and the globals are in the Gist.

The JSON events to block the host and to release it are:
python ~/pyretic/pyretic/pyresonance/json_sender.py --flow='{srcip=10.0.0.1}' -e ids -s attack -a 127.0.0.1 -p 50003
python ~/pyretic/pyretic/pyresonance/json_sender.py --flow='{srcip=10.0.0.1}' -e ids -s clean -a 127.0.0.1 -p 50003

Now, to check the flows installed in Mininet:
sudo mn --topo=single,3 --controller=remote
cd ~mininet/pyretic
./pyretic.py pyretic.pyresonance.main --config=./pyretic/pyresonance/global.config.dos_external --mode=manual

mininet: h1 ping h2

[mininet@mininet-vm:~]$sudo ovs-appctl bridge/dump-flows s1
duration=56s, priority=0, n_packets=1, n_bytes=42, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,arp_op=1,actions=output:2,output:1
duration=61s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,arp_op=2,actions=output:2,output:1
duration=56s, priority=0, n_packets=1, n_bytes=42, priority=0,arp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,arp_op=2,actions=output:3,output:2
duration=61s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=ff:ff:ff:ff:ff:ff,nw_src=10.0.0.1,nw_dst=10.0.0.2,arp_op=1,actions=output:2,output:3
duration=61s, priority=0, n_packets=60, n_bytes=5880, priority=0,icmp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0,actions=output:2,output:3
duration=61s, priority=0, n_packets=60, n_bytes=5880, priority=0,icmp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,nw_tos=0,icmp_type=0,icmp_code=0,actions=output:1,output:2
duration=62s, priority=0, n_packets=15, n_bytes=1054, priority=0,actions=CONTROLLER:65535

[mininet@mininet-vm:~]$python ~/pyretic/pyretic/pyresonance/json_sender.py --flow='{srcip=10.0.0.1}' -e ids -s attack -a 127.0.0.1 -p 50003

Flow = {srcip=10.0.0.1}
Data Payload = {'dstip': None, 'protocol': None, 'srcmac': None, 'tos': None, 'vlan_pcp': None, 'dstmac': None, 'inport': None, 'ethtype': None, 'srcip': '10.0.0.1', 'dstport': None, 'srcport': None, 'vlan_id': None}
ok

[mininet@mininet-vm:~]$sudo ovs-appctl bridge/dump-flows s1

duration=13s, priority=0, n_packets=12, n_bytes=1176, priority=0,icmp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0,drop
duration=14s, priority=0, n_packets=1, n_bytes=98, priority=0,actions=CONTROLLER:65535

h2 ping h3

[mininet@mininet-vm:~]$sudo ovs-appctl bridge/dump-flows s1
duration=10s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=ff:ff:ff:ff:ff:ff,nw_src=10.0.0.2,nw_dst=10.0.0.3,arp_op=1,actions=output:1,output:2
duration=5s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=aa:b5:d9:88:c5:ba,nw_src=10.0.0.2,nw_dst=10.0.0.3,arp_op=2,actions=output:2,output:1
duration=10s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=2,dl_src=aa:b5:d9:88:c5:ba,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.3,nw_dst=10.0.0.2,arp_op=2,actions=output:3,output:1
duration=5s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=2,dl_src=aa:b5:d9:88:c5:ba,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.3,nw_dst=10.0.0.2,arp_op=1,actions=output:3,output:1
duration=46s, priority=0, n_packets=25, n_bytes=2450, priority=0,icmp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0,drop
duration=10s, priority=0, n_packets=10, n_bytes=980, priority=0,icmp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=aa:b5:d9:88:c5:ba,nw_src=10.0.0.2,nw_dst=10.0.0.3,nw_tos=0,icmp_type=8,icmp_code=0,actions=output:1,output:2
duration=10s, priority=0, n_packets=10, n_bytes=980, priority=0,icmp,in_port=2,dl_src=aa:b5:d9:88:c5:ba,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.3,nw_dst=10.0.0.2,nw_tos=0,icmp_type=0,icmp_code=0,actions=output:3,output:1
duration=47s, priority=0, n_packets=7, n_bytes=462, priority=0,actions=CONTROLLER:65535

[mininet@mininet-vm:~]$python ~/pyretic/pyretic/pyresonance/json_sender.py --flow='{srcip=10.0.0.1}' -e ids -s clean -a 127.0.0.1 -p 50003

[mininet@mininet-vm:~]$sudo ovs-appctl bridge/dump-flows s1
duration=925s, priority=0, n_packets=28, n_bytes=1176, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,arp_op=1,actions=output:2,output:1
duration=930s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,arp_op=2,actions=output:2,output:1
duration=925s, priority=0, n_packets=28, n_bytes=1176, priority=0,arp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,arp_op=2,actions=output:3,output:2
duration=930s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=ff:ff:ff:ff:ff:ff,nw_src=10.0.0.1,nw_dst=10.0.0.2,arp_op=1,actions=output:2,output:3
duration=930s, priority=0, n_packets=930, n_bytes=91140, priority=0,icmp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0,actions=output:3,output:2
duration=930s, priority=0, n_packets=930, n_bytes=91140, priority=0,icmp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,nw_tos=0,icmp_type=0,icmp_code=0,actions=output:2,output:1
duration=931s, priority=0, n_packets=10, n_bytes=756, priority=0,actions=CONTROLLER:65535
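An added example, not code from the post or from Pyretic/Pyresonance: a minimal model of the IDS FSM described above (every source allowed until an attack event, released again on clean) and a checker that parses `ovs-appctl bridge/dump-flows` output against that state, so the by-hand comparison of the dumps above can be automated. The sample dump lines are copied from the blocked-state dump in the post; the names IdsFsm, parse_flow_line and check_enforcement are chosen here.

```python
# Added example (not Pyretic/Pyresonance code): IDS FSM model + dump-flows checker.
# Constructed sample: three lines from the post's dump while 10.0.0.1 was blocked.
SAMPLE_DUMP = """\
duration=46s, priority=0, n_packets=25, n_bytes=2450, priority=0,icmp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0,drop
duration=10s, priority=0, n_packets=10, n_bytes=980, priority=0,icmp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=aa:b5:d9:88:c5:ba,nw_src=10.0.0.2,nw_dst=10.0.0.3,nw_tos=0,icmp_type=8,icmp_code=0,actions=output:1,output:2
duration=47s, priority=0, n_packets=7, n_bytes=462, priority=0,actions=CONTROLLER:65535
"""

class IdsFsm:
    """Every srcip starts allowed; 'attack' blocks it, 'clean' releases it."""
    def __init__(self):
        self.blocked = set()
    def on_event(self, srcip, state):
        if state == "attack":
            self.blocked.add(srcip)
        elif state == "clean":
            self.blocked.discard(srcip)
        else:
            raise ValueError("unknown IDS state: %r" % state)
    def expected_action(self, srcip):
        return "drop" if srcip in self.blocked else "forward"

def parse_flow_line(line):
    """One dump-flows line -> dict; a bare trailing 'drop' becomes actions='drop'."""
    line = line.strip()
    head, sep, actions = line.rpartition(",actions=")
    if not sep:  # no actions= key: a drop rule (or an unexpected line)
        head, actions = (line[:-5], "drop") if line.endswith(",drop") else (line, "")
    fields = {"actions": actions}
    for token in head.replace(", ", ",").split(","):
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
        elif token:
            fields["proto"] = token  # bare keyword such as arp or icmp
    return fields

def check_enforcement(dump_text, fsm):
    """(nw_src, expected, actual) for each rule disagreeing with the FSM state;
    rules without nw_src, such as the table-miss rule, are skipped."""
    mismatches = []
    for line in dump_text.splitlines():
        rule = parse_flow_line(line) if line.strip() else {}
        src = rule.get("nw_src")
        if src is None:
            continue
        actual = "drop" if rule["actions"] == "drop" else "forward"
        if actual != fsm.expected_action(src):
            mismatches.append((src, fsm.expected_action(src), actual))
    return mismatches
```

Feed it the live output of `sudo ovs-appctl bridge/dump-flows s1` after each json_sender.py event; an empty result means the switch rules match what the FSM should have installed.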
